Skip to main content
CVE-2016-7841 MEDIUM This Month

Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Olive Diary Dx
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-7839 MEDIUM This Month

Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Olive Blog
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-2151 MEDIUM This Month

Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Booking Calendar
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-7840 MEDIUM This Month

Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Olive Blog
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-2105 MEDIUM PATCH This Month

The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Tver
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-2104 MEDIUM PATCH This Month

The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Business Lala Call
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-2103 MEDIUM PATCH This Month

The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Lala Call
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-2110 MEDIUM This Month

The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Access Cx
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-2150 MEDIUM This Month

Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Booking Calendar
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2017-2148 MEDIUM This Month

Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wn Ac1167Gr Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-2092 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-2114 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-2127 MEDIUM This Month

Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yop Poll
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-2143 MEDIUM PATCH This Month

CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Cs Cart Japanese Edition Cs Cart Multivendor Japanese Edition
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-2139 MEDIUM This Month

CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Cs Cart
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-2117 MEDIUM PATCH This Month

Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cubecart
NVD
CVSS 3.0
4.9
EPSS
1.7%
CVE-2017-2093 MEDIUM This Month

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Information Disclosure Garoon
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-2116 MEDIUM This Month

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-2095 MEDIUM This Month

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-2091 MEDIUM This Month

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1141 MEDIUM PATCH This Month

IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Insights Foundation For Energy
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-2094 MEDIUM This Month

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Garoon
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-2115 MEDIUM This Month

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-7815 MEDIUM This Month

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Remote Service Manager
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2017-2137 LOW Monitor

ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Prosafe Plus Configuration Utility
NVD
CVSS 3.0
3.7
EPSS
0.4%
CVE-2017-2109 LOW Monitor

Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Kunai
NVD
CVSS 3.0
2.5
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy